GitLab OmniAuth plugin


(axil) #1

Source code: GitLab.org / discourse-omniauth-gitlab · GitLab

:warning: Attention

This is supported on GitLab 7.7+.

Installation

First, register a new system application in GitLab by visiting /admin/applications/new.
The redirect URI is of the form:

https://discourse.example.com/auth/gitlab/callback

Add the plugin’s repository url to your container’s app.yml file:

hooks:
  after_code:
    - exec:
        cd: $home/plugins
        cmd:
          - mkdir -p plugins
          - git clone https://github.com/discourse/docker_manager.git
          - git clone https://gitlab.com/gitlab-org/discourse-omniauth-gitlab.git

Rebuild the container by providing the APP_ID, SECRET and GitLab url values:

cd /var/discourse
git pull origin master
GITLAB_APP_ID=gitlabtestid GITLAB_SECRET=gitlabtestsecret GITLAB_URL=https://git.example.com ./launcher rebuild app

Otherwise you can add these variables in app.yml under the env section.


#2

I have a silly question: you mention /admin/applications/new, but my Gitlab instance returns 404 for this URL. Any idea what could cause this? (Omnibus 7.5.3) I couldn’t find anything relative to that problem here or in Gitlab’s forum (and I don’t have console access to troubleshoot it).


(axil) #3

Not silly at all, my fault I didn’t mention it. This is supported on 7.7+.


(Ephemeraleclipse) #4

Hey I realize this is a very old topic now, but this plugin is really interesting. This is exactly what I’m looking for but I’m just curious about how the existing discourse users will be connected to Gitlab account.
For example, Gitlab’s OAuth allows a logged in user to connect their Google, Facebook, or Github accounts in their settings, is there something similar in this plugin for discourse to gitlab as well?


(Kane York) #5

It will be by the email provided by Gitlab. If the email matches when you first sign in with Gitlab, the account will be connected.


(Ephemeraleclipse) #6

orly? Thanks very much! :smiley: can’t wait to try it out tonight


(Ephemeraleclipse) #7

it’s not connecting the account, when I try to log in with gitlab it just redirects me to signup with my info filled out and tells me my username and email has already been taken :frowning:

Got it fixed, made a merge request to the repo on gitlab, not sure if anyone still maintains that o_o


(axil) #8

Yes, I maintain it and merged your MR thanks!


#9

Hello,

I have manually created accounts that I want to associate with a Gitlab account. Is there a way to do it?

The normal workflow is that an existing gitlab account visits the Discourse: then its discourse account is created. What I want to do is, as an admin or as the logged-in user, explicitly set the link between the gitlab and discourse accounts.


(axil) #10

I guess setting the same e-mail between GitLab and Discourse will work.


(Ralf Jung) #11

Yes - if you log in via GitLab and there already is a Discourse account with that e-mail address, then that’s the account you are logged in to.


#12

@RalfJung my experiment doesn’t match your description: I tried logging in with my gitlab account which uses the same username and email as the existing Discourse account.

But when I “login with gitlab”, I receive a proposal to create a new account named username1 instead of the existing username.

What you describe is what I would like to achieve. Moreover, I’d like to have a user UI to associate an account. This, it seems to me, is missing from the current Discourse.


(axil) #13

Are you pulling the latest master? There was a change back in October which fixed the issue you describe added ability to connect existing accounts (2b2016eb) · Commits · GitLab.org / discourse-omniauth-gitlab · GitLab


#14

Hmmm, my plugin page was showing a fixed version (v0.0.2) without any mean to change it nor update the plugin. I ran again the rebuild command:

No change: Imgur: The magic of the Internet

[Edit:] Seems like GitLab.org / omniauth-gitlab · GitLab is DEPRECATED. The page tells to look at GitHub - linchus/omniauth-gitlab: Strategy for authenticating to your GitLab service instead. Should I use that, or your fork?


(axil) #15

The Discourse plugin uses linchus/omniauth-gitlab, not my fork, see plugin.rb · master · GitLab.org / discourse-omniauth-gitlab · GitLab

I bumped the version to 0.0.3 to include a fix in omniauth-gitlab (https://github.com/linchus/omniauth-gitlab/issues/10). Try to rebuild the container.

Although it’s strange, because we use the same version as you in https://forum.gitlab.com and works fine, I just tested it.


#16

I rebuilt the instance and now it shows v0.0.3. But I still can’t login from Gitlab: it proposes me to use a different username. This is weird.

I tried running the code from the console:

::PluginStore.get("gl", "gl_uid_hellekin")
=> nil
existing_user = User.where(email: email).first
=> User ...
::PluginStore.set("gl", "gl_uid_hellekin", {user_id: existing_user.id})

Then tried to login from gitlab again. No luck.

BTW, I submitted an MR to fix a minor issue.


(axil) #17

Could it be that you have multiple e-mails in GitLab? I think it only captures the one you set as primary.


#18

I have emails using +, e.g., user+foo@example.org. Would that interfere?


(axil) #19

No, but i tried with a new GitLab account and I can reproduce your issue. Investigating.


#20

Any progress on this @axil?